Apply on Employer Site

CAE · 15 hours ago

Cloud Infrastructure and Security Engineer-EN

Altus, AR

Full-time

Onsite

Senior Level

5+ years exp

CAE is a leader in defense and security and civil aviation, focusing on revolutionizing training and operations with digital solutions. The Cloud Infrastructure and Security Engineer is responsible for designing, implementing, and maintaining secure cloud and on-premises IT environments, ensuring the stability and security of cloud services while adhering to compliance requirements.

AerospaceEnterprise SoftwareInformation TechnologySecuritySimulationTechnical Support

No H1B

U.S. Citizen Only

Responsibilities

Design, deploy, and manage secure cloud environments (Air Force SharePoint, CloudOne, AWS) while ensuring compliance with security frameworks (NIST, ISO 27001, FedRAMP)

Administer systems connected to NIPR network and ensure secure standards are enforced

Configure and maintain Identity and Access Management (IAM), Multi-Factor Authentication (MFA), and Role-Based Access Control (RBAC) policies for cloud and on-prem systems

Implement and monitor security controls, including intrusion detection/prevention systems (IDS/IPS), Security Information and Event Management (SIEM), and endpoint protection solutions

Perform vulnerability assessments and penetration testing to identify and mitigate security risks

Manage networking infrastructure, including firewalls, VPNs, and load balancers, ensuring secure connectivity between cloud and on-prem environments

Conduct regular security audits, risk assessments, and disaster recovery planning for IT systems

Develop and maintain security incident response plans, ensuring rapid detection and mitigation of cyber threats

Stay up to date with emerging cloud security threats, vulnerabilities, and best practices

Provide technical guidance and training on cloud security best practices to internal teams

Monitors usage of system

Ensures Scheduled Backup Procedures, Non-Scheduled Backup Procedures, and Types of Backup Media (Initialization Procedures, Label Documentation, Storage Locations (onsite/offsite), testing backups) are in place and functional

Conduct information security vulnerability scanning using the DoD’s Assured Compliance Assessment Solution (ACAS) (Tenable Security Center and Nessus Software)

Produce information security vulnerability scanning reports and develop Plans of Action and Milestones (POA&Ms) to resolve information security vulnerabilities

Install, test, configure, maintain and upgrade the computing and networking environment (CE/NE) operating systems, applications, software, hardware and network infrastructure components to comply with cybersecurity requirements (Security Technical Implementation Guides (STIG), Security Requirements Guides (SRG) and NIST best practices)

Implement and continuously monitor established technical security controls for CE/NE in accordance with information security plans, procedures and work methods

Develop compensating controls for information security deficiencies

Assist with developing or updating of Information Security related plans, procedures, work methods and documentation (such as network topology, hardware/software lists)

Other duties as assigned

Qualification

Cloud ExpertiseNetworking & SecurityCompliance & FrameworksIncident Response & MonitoringOperating SystemsInformation Assurance TechnicianVulnerability AssessmentsTelecommunications AnalysisLarge Scale Storage TechnologyAnalytical SkillsCommunication

Required

Bachelor's Degree in Management Information Systems, Computer Science, Information Technology or related field and 5+ years of experience in Information Technology or a combination of education and related experience

Information Assurance Technician (IAT) Level III certified or capable of obtaining the certification within six (6) months of the completion of the probationary period

Cloud Expertise: Experience with AWS, Azure, or Google Cloud security and infrastructure management

Networking & Security: In-depth knowledge of firewalls, VPNs, IDS/IPS, SIEM, and endpoint security solutions

Compliance & Frameworks: Understanding of NIST, CIS, ISO 27001, FedRAMP, and other regulatory security frameworks

Incident Response & Monitoring: Familiarity with tools like Splunk, Sentinel, or CrowdStrike for threat detection and mitigation

Operating Systems: Proficiency in Linux and Windows server administration

Strong Analytical Skills: Ability to assess risks, troubleshoot security issues, and implement effective solutions

Experience in a host and client/server, telecommunications and network migration and development, desktop computing, information system integration, hardware/software evaluation, information engineering and process reengineering methodologies are required

Proven telecommunications and network analysis, design, implementation, tuning, and maintenance required

Thorough understanding of large scale storage technology (SAN, NAS, Fiber channel, Tiered storage, zoning, LUNs, security, replication, backup)

Must be proficient in Ethernet protocols, and protocol analysis

Excellent Communication: Ability to articulate technical security concepts to non-tech

Must be able to effectively deliver oral presentations to management and customers

Must be able to work independently, with minimal supervision

Must be able to work overtime as required

Must be willing to work any shift or day of the week as required

Understanding of military protocols and customs is essential

Must be eligible for DoD Personnel Security Clearance

DoD 8570 approved baseline certification IAT Level III (at least one required) – CASP, CCNP Security, CISA, CISSP, GCED, GCIH